flat assembler
Message board for the users of flat assembler.

Index > Windows > Proc in 64 bit. Couple questions.

Roman 26 Sep 2019, 08:23
I am trying to write this in a 64-bit program:
Code:
HiMsg dq HiMsgB
proc HiMsgB name:qword
invoke MessageBox,0,[name],0,0 ;name empty ?!
ret
endp
    

In the code I write:
Code:
invoke HiMsg,'Hi ! World !'
    


But I get an empty MessageBox.
I rewrote HiMsgB:
Code:
HiMsg dq HiMsgB
proc HiMsgB name:qword
mov [name2],rcx
invoke MessageBox,0,[name2],0,0 ;work fine
ret
name2 dq 0
endp
    
Roman 26 Sep 2019, 08:25
My question: how do I correctly write a proc for 64-bit programs?
revolution 26 Sep 2019, 08:33
When you use invoke to call a procedure the values of the first four parameters are in registers and are not placed into memory. This is how the MS 64-bit calling convention works.

So you can do this:
Code:
proc HiMsgB name:qword
mov [name],rcx ;"name" is a memory address so you can store the value of rcx here
invoke MessageBox,0,[name],0,0 ;works fine
ret
endp

Or you can do this:
Code:
proc HiMsgB name:qword
invoke MessageBox,0,rcx,0,0 ;use rcx directly if you don't need the value later
ret
endp

But this is wrong:
Code:
proc HiMsgB name:qword
invoke MessageBox,0,[name],0,0 ;[name] has not been initialised yet, it is just a placeholder
ret
endp
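Added example, not from any poster in this thread: a complete fasm Win64 program built around the first working variant above, where the register arguments are spilled into their home slots before being read back by name. The two-parameter signature, the parameter names `msgText` and `msgTitle`, and the labels `_text` and `_caption` are assumptions made for illustration.

```asm
; Constructed example: a 64-bit proc that receives its arguments in
; rcx/rdx and stores them before using them by name.
format PE64 GUI 5.0
entry start

include 'win64a.inc'

section '.text' code readable executable

start:
        sub     rsp,8                   ; rsp is 8 mod 16 on entry; realign for calls
        invoke  HiMsg,_text,_caption    ; call through the pointer, as in the thread
        invoke  ExitProcess,0

; msgText arrives in rcx and msgTitle in rdx. The parameter names are only
; addresses of the home slots the caller reserved on the stack; the caller
; does not write the register values there, so reading [msgText] before
; the stores below would return whatever stale data the stack holds.
proc HiMsgB msgText:QWORD, msgTitle:QWORD
        mov     [msgText],rcx           ; spill register arguments first,
        mov     [msgTitle],rdx          ; before any call reloads rcx/rdx
        invoke  MessageBox,0,[msgText],[msgTitle],MB_OK
        ret
endp

section '.data' data readable writeable

HiMsg    dq HiMsgB                      ; procedure pointer, as in the first post
_text    db 'Hi ! World !',0
_caption db 'HiMsgB',0

section '.idata' import data readable writeable

library kernel32,'KERNEL32.DLL',\
        user32,'USER32.DLL'

include 'api\kernel32.inc'
include 'api\user32.inc'
```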
ProMiNick 26 Sep 2019, 09:25
You could accept that in 64-bit there are no calls with fewer than 4 parameters.
We could always define (or skip) any of rcx, rdx, r8, r9.
In the current case, passing the parameter in rcx only to later move it to edx is stupid.
Code:
proc HiMsgB ;dummy,name
invoke MessageBox,0,rdx,0,0
ret
endp    


Code:
invoke HiMsg,rcx,'Hi ! World !'    
Roman 26 Sep 2019, 10:02
Thanks to all
Roman 26 Sep 2019, 11:11
What about DLLs for 64-bit?
What are the nuances?
revolution 26 Sep 2019, 11:15
For DLLs and EXEs the calling conventions are the same when you are interfacing with the OS.

For internal calls between your own functions you can do whatever you want.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.